Create a private apt package
Private apt package management system used by Ubuntu and other Linux distributions based on Debian is called APT (Advanced Package Tool). Users may easily install, update, and delete software packages from their devices because of its user-friendly design. APT is a command-line utility that manages software packages through repositories.
A repository is a group of software applications that have been examined and found to be compatible with the distribution. The packages in the repository are arranged so that APT can easily discover and install them. New packages and modifications to old packages are often added to the repository.
Now start to create a private apt package. Follow the setups given below.
Create a pair of GPG keys
Software packages must be signed using a GPG private key, and the GPG public key must also be distributed so that users may validate the authenticity of the packages.
Build Your Own*.Deb Package
The default file extension for software packages created for Debian and Ubuntu distributions is .deb. For the sake of this tutorial, if the package is offered under an open-source license, you can download an existing .deb file. If you want to develop your software, I’ll walk you through the fundamental stages of creating a.deb file.
I provide Firefox as an illustration. Firefox no longer comes with Ubuntu in deb format. For Firefox, it just offers the Snap package. I occasionally use the Snap package since it’s a straightforward program, like the Let’s Encrypt client certbot. I use it to get a TLS certificate, after which I am free from concern. The web browser is a piece of software that I use constantly, but I prefer to use the traditional Debian package format because the Snap version of Firefox doesn’t work well with the file system.
A.deb file is simply an ar archive, identical to a.tar achive, on the inside. To convert a Firefox binary tarball into a.deb file, follow these steps. The procedures are slightly different if you wish to package using a source code tarball.
Type the CD command to your home directory
cd ~
Get the Firefox tarball from the Mozilla website.
wget https://download-installer.cdn.mozilla.net/pub/firefox/releases/107.0.1/linux-x86_64/en-US/firefox-107.0.1.tar.bz2
Take the archive out.
tar xvf firefox-107.0.1.tar.bz2
There is now a directory for Firefox. Because we want people to install the package to the /opt/firefox-deb/ directory on their machine, we need to build the opt/firefox-deb/ sub-directory under this directory.
mkdir -p ~/firefox/opt/firefox-deb
Open your file manager and transfer all additional files and directories to the /firefox/opt/firefox-deb/ directory.
Next, Make a DEBIAN directory.
mkdir ~/firefox/DEBIAN
a control file should be created in the DEBIAN directory.
nano ~/firefox/DEBIAN/control
The lines after are added to this file. The package name will be chosen by the Package argument.
Source: firefox
Maintainer: Xiao Guoan <xiao@linuxiron.com>
Section: misc
Priority: optional
Standards-Version: 3.9.2
Build-Depends: debhelper (>= 9)
Package: firefox-deb
Architecture: amd64
Description: Firefox web browser without the Snaps
Version: 107
Save the document, then exit. The next step is to build a.desktop file so the user may launch Firefox with ease. To create the usr/share/applications/ subdirectory, use the following command.
mkdir -p ~/firefox/usr/share/applications/
Create the .desktop file.
nano ~/firefox/usr/share/applications/firefox-deb.desktop
Then execute the subsequent command to create the.deb package.
dpkg-deb –build ~/firefox
Ubuntu compresses.deb files using zstd. Use other compression techniques, such as gzip, which are compatible with both Debian and Ubuntu, when creating.deb packages for Debian on an Ubuntu machine.
dpkg-deb -Zgzip –build ~/firefox
Put Your GPG Private Key to Use to Sign the Package
put the dpkg-sig utility in place.
sudo apt install dpkg-sig
The.deb package may then be signed by running the following command. You will have to input your key passphrase to unlock it, which will utilize your default GPG private key.
dpkg-sig –sign builder firefox.deb
Establish the APT Repository
Install the creator of the Debian package repository.
sudo apt install reprepro
The repository’s base directory should then be created.
sudo mkdir -p /var/www/repository/
The owner should be changed to your username.
sudo chown username:username /var/www/repository/
Make a subdirectory called “conf.
mkdir -p /var/www/repository/conf/
Make a text document called “distributions.”
nano /var/www/repository/conf/distributions
In this file, insert the following lines.
Origin: https://linuxiron.com
Label: apt repository
Codename: admin
Architectures: amd64
Components: main
Description: linuxiron package repository for Debian/Ubuntu
SignWith: 00000000000000
Pull: admin
Where
- Origin: the hostname of your repository.
- Label: Give it a name
- Codename: Which operating systems your repository supports. For Ubuntu 22.04, use admin. Simply copy the aforementioned snippet, put it in the same file, and edit the codename if you wish to support various distros.
- Architectures: could be amd64, i386, or source.
- Components: Use main as the single Element if your repository doesn’t include many packages.
- Description: Describe what this repository is for.
- SignWith: A GPG key should be used to sign the repository. There will be a Release.gpg file created. Your GPG key ID must be entered here.
You may use the following command to discover your key ID. User-id should be changed to your GPG email address.
gpg –list-sigs user-id
Save the document, then exit. The.deb file should then be added to the repository. Your GPG key passphrase will be required when prompted.
jammy /path/to/the/.deb_file reprepro -V –basedir /var/www/repository/ includedeb
-V: Verbose mode.
–basedir: Specify the base directory.
includedeb: Add deb package to the repository.
jammy :The distro’s code name. For users of Ubuntu 22.04, the deb package will be added in this instance.
Keep in mind that running reprepro as root or using sudo will prevent it from locating your GPG key.
The GPG public key should now be added to the repository as well. To export your public key and put it in the repository base directory, issue the following command. Your GPG key’s email address is your user-id.
gpg –armor –export user-id | sudo tee /var/www/repository/gpg-pubkey.asc
Upload the Repository to a Cloud Server
Build the repository on a cloud Linux server if you want other people to be able to utilise it. When you have one, use SSH to connect to the server and establish the same basic directory.
sudo mkdir -p /var/www/repository/
The two base folders are then synced using rsync. Put your cloud Linux server’s IP address in lieu of 12.34.56.78.
rsync -azP –delete /var/www/repository/ root@12.34.67.78:/var/www/repository/
(-a): Archive mode
-z : Compress file data when transferring
-P: Retain partly transferred files and indicate transfer progress
–delete: removes unused files from the target directory.
Install an HTTP server
To make the repository accessible to the whole Internet, we must now put up an HTTP server. Apache or Nginx are both options.
Nginx
On the cloud server, install Nginx.
sudo apt install nginx
A virtual host file should be created for the APT storage.
sudo nano /etc/nginx/conf.d/apt-repository.conf
The lines after are added to this file.
server {
listen 80;
server_name repo.linuxbabe.com;
access_log /var/log/nginx/apt-repository.access;
error_log /var/log/nginx/apt-repository.error;
location / {
root /var/www/repository/;
autoindex on;
}
location ~ /(.*)/conf {
deny all;
}
location ~ /(.*)/db {
deny all;
}
}
Save the document, then exit. Next, verify the Nginx settings.
sudo nginx -t
Reload Nginx if the test is successful.
sudo systemctl reload nginx
Apache
Install Apache on the cloud server if that’s what you wish.
sudo apt install apache2
A virtual host file should be made for the APT repository.
sudo nano /etc/apache2/sites-available/apt-repository.conf
The lines after are added to this file.
<VirtualHost *:80>
ServerName repo.example.com
ErrorDocument 404 /404.html
DocumentRoot /var/www/repository
<Directory /var/www/repository/ >
# We want the user to be able to browse the directory manually
Options Indexes FollowSymLinks Multiviews
Require all granted
</Directory>
# This syntax supports several repositories, e.g. one for Debian, one for Ubuntu.
# Replace * with debian, if you intend to support one distribution only.
<Directory “/var/www/repository/apt/*/db/”>
Require all denied
</Directory>
<Directory “/var/www/repository/apt/*/conf/”>
Require all denied
</Directory>
<Directory “var/www/repository/apt/*/incoming/”>
Require all denied
</Directory>
</VirtualHost>
Save the document, then exit. Next, make this virtual host active.
sudo a2ensite apt-repository.conf
Restart Apache.
sudo systemctl restart apache2
Enable HTTPS
We can activate HTTPS and encrypt HTTP traffic by installing a free TLS certificate from Let’s Encrypt. To install the Let’s Encrypt client (certbot) on Ubuntu 22.04/20.04, enter the following command.
sudo apt install certbot
You must also install the Certbot Nginx plugin if you use Nginx.
sudo apt install python3-certbot-nginx
Run the below command to get and install a TLS certificate.
sudo certbot –webroot -w /var/www/repository -i nginx –agree-tos –redirect –hsts –staple-ocsp –email you@example.com -d repo.example.com
You must set up the Certbot Apache plugin if you use Apache.
sudo apt install python3-certbot-apache
Run the below command to get and install a TLS certificate.
sudo certbot –webroot -w /var/www/repository -i apache –agree-tos –redirect –hsts –staple-ocsp –email you@example.com -d repo.example.com
Where:
–webroot: You may get a TLS certificate by using the webroot plugin.
-w: Cite the webroot location.
-i nginx: Installing the certificate is done using the nginx plugin.
-i apache: Install the certificate using the Apache extension.
–agree-tos: Acceptance of the terms of service.
–redirect: By using a 301 redirect, force HTTPS.
–hsts: Each HTTP response should include the Strict-Transport-Security header. forcing the domain to utilise TLS in all browser interactions. Against SSL/TLS Stripping defence.
–staple-ocsp: Allows for OCSP Stapling. The server’s TLS certificate is attached to a legitimate OCSP response.
Now should be the time to automatically get and install the certificate.
Additionally, you may use a web browser to access you’re APT repository.
Test
We may now add the repository to a different machine to see whether it will function.
To import the GPG public key so that APT can validate package integrity during installation, issue the following command.
wget –quiet -O – https://repo.linuxbabe.com/linuxbabe-pubkey.asc | sudo tee /etc/apt/keyrings/linuxbabe-pubkey.asc
Integrate the repository.
echo “deb [signed-by=/etc/apt/keyrings/linuxbabe-pubkey.asc arch=$( dpkg –print-architecture )] https://repo.linuxbabe.com $(lsb_release -cs) main” | sudo tee /etc/apt/sources.list.d/firefox-linuxbabe.list
Reindex the repository.
sudo apt update
Set up Firefox. Not to worry. It won’t replace the current Firefox installation you have.
sudo apt install firefox-deb
Check the installation location.
dpkg -L firefox-deb
The /opt/firefox-deb/ directory will show that Firefox Deb is installed.
And you may launch it using the following command or the programme menu on your computer.
/opt/firefox-deb/firefox
You may be perplexed as to why I have three Firefox icons. mostly because I installed my own Firefox deb package, Firefox ESR, and the Snap version of the browser.
Run the Snap Firefox removal programme if you wish to
sudo systemctl disable –now var-snap-firefox-common-host\\x2dhunspell.mount
sudo snap remove firefox
Using my Firefox deb package has the benefit of allowing you to update the browser as soon as a new version is made available by Firefox. You are not need to wait for me to use sudo apt update to push the update.
For removing a Package from the Repository
reprepro -V –basedir /var/www/repository/ remove jammy firefox
Then sync the repository.
rsync -azP /var/www/repository/ root@12.34.67.78:/var/www/repository/
Wrap Up
That’s how you can create private apt package. There are several benefits to creating your own repository. It could be that you just have a small number of locally modified packages that you want to make available, that you want to run a local mirror with many machines using the same packages to conserve bandwidth, or that you have written your own packages and want to test them out before making them public. These steps may be able to help you find a solution.
You can learn about linux more deeply by clicking the link below
https://linuxiron.com/what-is-linux-a-whole-introduction/
Learn about the linux commands by clicking the links below
https://linuxiron.com/echo-command-in-linux/
https://linuxiron.com/how-to-use-nice-renice-commands-in-linux/
https://linuxiron.com/how-to-use-kill-commands-in-linux/
https://linuxiron.com/a-beginners-guide-to-htop-for-process-management/
https://linuxiron.com/15-useful-yum-commands-in-linux/
https://linuxiron.com/how-to-use-the-top-command-in-linux/
https://linuxiron.com/17-ps-command-to-monitor-linux-process-with-examples-linuxiron/
https://linuxiron.com/12-cat-commands-in-linux-with-examples/
https://linuxiron.com/archiving-and-compressing-files-and-directories-in-linux/